Amon2


Changes

2.39 2011-07-07
    
    - upgrade jquery to 1.6.2(tokuhirom)

2.38 2011-06-14

    - optimize directory structure for dotcloud(tokuhirom).

2.37 2011-06-06

    - escape JSON data for IE7's Content-Type vulnerability.

2.36 2011-05-30

    - generate (404|50[023]).html for dotcloud.
    - auto_include considered harmful
    - Text::MicroTemplate is no longer required by Amon2 core.

2.35 2011-05-14

    - fixed deps: JSON 2 is required.

lib/Amon2/Plugin/Web/JSON.pm

You can use JSONP by using L<Plack::Middleware::JSONP>.

=back

=head1 JSON and security

=over 4

=item Browse the JSON files directly.

This module escapes the '<', '>', and '+' characters into "\uXXXX" form, so browsers don't detect the JSON as HTML.

This module also outputs the C<< X-Content-Type-Options: nosniff >> header for IE.

It's good enough, I hope.

=item JSON Hijacking

The latest browsers don't have a JSON hijacking issue (I hope). The __defineSetter__ or UTF-7 attack was resolved by browsers.

But Firefox <= 3.0.x and Android phones have an issue with the Array constructor, see L<http://d.hatena.ne.jp/ockeghem/20110907/p1>.
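
The two defenses described under "Browse the JSON files directly", as an added example that is not Amon2's own code: it escapes '<', '>' and '+' in the encoded JSON and sets the nosniff header on a PSGI response. The helper name json_response and the sample data are hypothetical; the escaping is limited to string tokens so that a number such as 1e+20 stays valid JSON.

```perl
use strict;
use warnings;
use JSON::PP ();

# '<' and '>' can make a sniffing browser treat the body as HTML;
# '+' starts UTF-7 sequences. Each maps to its JSON \uXXXX escape.
my %ESCAPE = ('<' => '\u003c', '>' => '\u003e', '+' => '\u002b');

# Hypothetical helper, not Amon2's API: returns a PSGI response triple.
sub json_response {
    my ($data) = @_;

    # ascii() writes non-ASCII characters as \uXXXX, so the body is pure ASCII.
    my $body = JSON::PP->new->ascii->canonical->encode($data);

    # Escape only inside string tokens. A substitution over the whole
    # body would also rewrite the '+' of a number such as 1e+20 and
    # produce invalid JSON.
    $body =~ s{("(?:[^"\\]|\\.)*")}{
        (my $str = $1) =~ s/([<>+])/$ESCAPE{$1}/g;
        $str;
    }gex;

    return [
        200,
        [
            'Content-Type'           => 'application/json; charset=utf-8',
            'Content-Length'         => length($body),
            'X-Content-Type-Options' => 'nosniff',
        ],
        [$body],
    ];
}

# Constructed sample data: an HTML payload, its UTF-7 form, a float.
my $res = json_response({
    comment => '<script>alert(1)</script>',
    utf7    => '+ADw-script+AD4-',
    big     => 1e20,
});
my $out = $res->[2][0];
print "$out\n";

# The escaped body still decodes to the original values.
my $back = JSON::PP->new->decode($out);
die "round trip failed" unless $back->{comment} eq '<script>alert(1)</script>';
die "number was damaged" unless $back->{big} == 1e20;
die "raw angle bracket in body" if $out =~ /[<>]/;
```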

lib/Amon2/Web.pm

}

sub uri_for {
    my ($self, $path, $query) = @_;
    my $root = $self->req->{env}->{SCRIPT_NAME} || '/';
    $root =~ s{([^/])$}{$1/};
    $path =~ s{^/}{};

    my @q;
    while (my ($key, $val) = each %$query) {
        $val = URI::Escape::uri_escape(Encode::encode($self->encoding, $val));
        push @q, "${key}=${val}";
    }
    $root . $path . (scalar @q ? '?' . join('&', @q) : '');
}

sub render {
    my $self = shift;
    my $html = $self->create_view()->render(@_);

    for my $code ($self->get_trigger_code('HTML_FILTER')) {

share/flavor/Minimum/lib/__PATH__/Web/View.pm

    }
    my $view = Text::Xslate->new(+{
        'syntax'   => 'Kolon',
        'module'   => [
            'Text::Xslate::Bridge::Star',
            '<% $view_functions_package // ($module ~ "::Web::ViewFunctions") %>',
        ],
        'function' => {
        },
        ($context->debug_mode ? ( warn_handler => sub {
            Text::Xslate->print( # print method escape html automatically
                '[[', @_, ']]',
            );
        } ) : () ),
        %$view_conf
    });
    return $view;
}

1;


